Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 4965 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Bug?] DNAT with Internet IPv4 randomly stops working

bryans2k

I've had a DNAT with Internet IPv4 as "For traffic from" for years working but recently I had to bridge LAN and RED to the internal interface. I've since removed that bridge but ever since then this DNAT rule seems to randomly stop working. I have to either change the "For traffic from" to Any or toggle it on/off to get it to work again.

 

Any ideas?



This thread was automatically locked due to age.
  • 0

    Bryan, can you confirm that there's no violation of #4 in Rulz in the Traffic Selector nor #3 in the 'Change destination to'.

    If that wasn't it, then you have a unique problem and it sounds like a recent Up2Date may have damaged your configuration database. Try restoring a backup made before you started having this problem.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    No violation that I see (also verified the host object has any). I can't easily do a restore at this point because of various reasons so I might have to get support to look at it.

     

    Any shown below is usually Internet IPv4 but it seems to work without a problem with Any.

  • 0 in reply to bryans2k

    Is your UTM in bridge mode?  I think that might cause problems with the "Internet" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    It was and I think that's what caused this problem to happen. It's not now but I believe it's cause of my problem now as it wasn't a problem until I had it in bridge mode then took it out of bridge mode.

  • 0 in reply to bryans2k

    So, is the problem resolved?  Was it the conflict between bridging and "Internet" that was solved by using the "Any" network object instead?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I removed the bridge and that's when I discovered the problem because originally I thought it was maybe the bridge. It's still a problem but I've been using the Any object to get around it.

  • 0 in reply to bryans2k

    Interesting.  I'm curious, what do you get when you do

    cc get_object_by_name network network Internet

    or

    cc get_object_by_name network network 'Internet IPv4'

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    cc get_object_by_name network network Internet returns 0

    cc get_object_by_name network network 'Internet IPv4' returns:

    {
    'autoname' => 0,
    'class' => 'network',
    'data' => {
    'address' => '0.0.0.0',
    'address6' => '',
    'comment' => '"Any" network, bound to interfaces with default IPv4 gateway',
    'interface' => 'REF_IntEthExternaWan',
    'name' => 'Internet IPv4',
    'netmask' => 0,
    'netmask6' => 0,
    'resolved' => 1,
    'resolved6' => 0
    },
    'hidden' => 0,
    'lock' => 'user',
    'nodel' => '',
    'ref' => 'REF_NetworkInternet',
    'type' => 'network'
    }

  • 0 in reply to bryans2k

    Thanks, Bryan, that looks perfect, so it's a mystery to me why it didn't work. ???

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    The real odd thing is that it would work for a period of time then stop working.

Unfiltered HTML